New Hardware Deployment, handling windows updates and patching while on the tech bench.
Currently I have an Kace SMA environment with a monthly Microsoft Patching Schedule setup.
My scripted installations from the Kace SDA done by our inhouse technicians uses the most current Windows 10 source media. (ex. 22H2.1)
Currently, machines are given to me once the installation is complete, and I need to push windows updates and patching to them before deployment.
Is there a better way to do this? Can the Kace SDA do all windows patching to current during the scripted installation procedure?
What are you guys doing, and what is the recommended best practice for patching and updating windows with Kace prior to end user deployment?
Ideally, I'd love a way to configure the patching to begin automatically when an agent first is detected, the technician could just leave the machines on the tech bench for an extra day while the updates complete.
Many thanks!
Answers (3)
the SDA cannot do it by itself.
BUT! you can use a tool like wsusoffline (the former C'T Offline update from a famous German IT newspaper) see here: https://download.wsusoffline.net/ or use streamlined slipstreaming media, which you update regulary for updating with the latest patches.
I personally put the newly installed systems in a label, which contains the systems which were deployed in the last 48 hours (can be done now via the wizard) and have next to the usual scripts and software deployments also a detect and deploy tasks which runs all 2hr, so the patching goes throug automaticly.
But as usual: you have many options to do what you want
That's a bummer, you'd think Kace would have an option in the agent to be able to set a deployment or list of deployments to be labeled as immediate once the agent is first detected.
Comments:
-
it is like that.
You simply click your label and add the software you want to install to this label and you are done.
A few years ago you had to create the label with SQL knowledge but nowadays it is easy.
(Smart Label: Created is within last 48 hours as an example)
or as SQL
SELECT MACHINE.NAME AS SYSTEM_NAME, SYSTEM_DESCRIPTION, MACHINE.IP, MACHINE.MAC, MACHINE.ID as TOPIC_ID FROM MACHINE WHERE (((TIMESTAMP(MACHINE.CREATED) <= NOW() AND TIMESTAMP(MACHINE.CREATED) > DATE_SUB(NOW(),INTERVAL 48 HOUR))))
and in the deployment (or script, depending what you need) you just add the previously created label.
It is not rocket science and in Jumpstart (or Quickstart) this is also a major topic to show this to new customers.
(and a similar example is also in the Admin guide, so it is definitely not a bummer but the basic functionality of the appliance.) - Nico_K 1 year ago-
Do you have a link to the documentation that covers this?
I have a couple questions, is the smart label a discovery or device type? And is there a way to set the schedule of a patch deployment to be "ondemand"? Meaning it kicks off only to the machines in the smart label when they are detected? Also, it appears as though Kace doesn't recognize the "created" date as when the machine is imaged. We constantly reimage devices and reuse them in our environment, and it doesn't looks as though kace updates the "created" date when a machine has been reimaged. How are you guys handling that as well? - computeguy12119 1 year ago-
I suppose what would need to happen is you delete the device from the SDA before imaging. Is there an automated script that exists that would do this automatically during the SMA scripted installation process of imaging a machine, or resets the created date. I've tried "SDA Deployment Time" is within last 24 hours, and that doesn't return reimaged machines. As for the patching schedueling for these newly discovered clients, I guess I would just set it to run every hour? The technicians don't have access to the SDA, so it needs to be automated. Most in any 24 hour time period that would be reimaged and need patching is tops 10-15 machines a day, so that shouldn't cause too much overhead. My issue would be the duplicate requests to patch messing up the patching of machines already in process of getting patch a couple hours earlier. Kace doesn't seem to have the smarts to check if the device is patching first before issuing another command to it. - computeguy12119 1 year ago